1*ebfedea0SLionel Sambuc=pod 2*ebfedea0SLionel Sambuc 3*ebfedea0SLionel Sambuc=head1 NAME 4*ebfedea0SLionel Sambuc 5*ebfedea0SLionel Sambucpkcs7 - PKCS#7 utility 6*ebfedea0SLionel Sambuc 7*ebfedea0SLionel Sambuc=head1 SYNOPSIS 8*ebfedea0SLionel Sambuc 9*ebfedea0SLionel SambucB<openssl> B<pkcs7> 10*ebfedea0SLionel Sambuc[B<-inform PEM|DER>] 11*ebfedea0SLionel Sambuc[B<-outform PEM|DER>] 12*ebfedea0SLionel Sambuc[B<-in filename>] 13*ebfedea0SLionel Sambuc[B<-out filename>] 14*ebfedea0SLionel Sambuc[B<-print_certs>] 15*ebfedea0SLionel Sambuc[B<-text>] 16*ebfedea0SLionel Sambuc[B<-noout>] 17*ebfedea0SLionel Sambuc[B<-engine id>] 18*ebfedea0SLionel Sambuc 19*ebfedea0SLionel Sambuc=head1 DESCRIPTION 20*ebfedea0SLionel Sambuc 21*ebfedea0SLionel SambucThe B<pkcs7> command processes PKCS#7 files in DER or PEM format. 22*ebfedea0SLionel Sambuc 23*ebfedea0SLionel Sambuc=head1 COMMAND OPTIONS 24*ebfedea0SLionel Sambuc 25*ebfedea0SLionel Sambuc=over 4 26*ebfedea0SLionel Sambuc 27*ebfedea0SLionel Sambuc=item B<-inform DER|PEM> 28*ebfedea0SLionel Sambuc 29*ebfedea0SLionel SambucThis specifies the input format. B<DER> format is DER encoded PKCS#7 30*ebfedea0SLionel Sambucv1.5 structure.B<PEM> (the default) is a base64 encoded version of 31*ebfedea0SLionel Sambucthe DER form with header and footer lines. 32*ebfedea0SLionel Sambuc 33*ebfedea0SLionel Sambuc=item B<-outform DER|PEM> 34*ebfedea0SLionel Sambuc 35*ebfedea0SLionel SambucThis specifies the output format, the options have the same meaning as the 36*ebfedea0SLionel SambucB<-inform> option. 37*ebfedea0SLionel Sambuc 38*ebfedea0SLionel Sambuc=item B<-in filename> 39*ebfedea0SLionel Sambuc 40*ebfedea0SLionel SambucThis specifies the input filename to read from or standard input if this 41*ebfedea0SLionel Sambucoption is not specified. 42*ebfedea0SLionel Sambuc 43*ebfedea0SLionel Sambuc=item B<-out filename> 44*ebfedea0SLionel Sambuc 45*ebfedea0SLionel Sambucspecifies the output filename to write to or standard output by 46*ebfedea0SLionel Sambucdefault. 47*ebfedea0SLionel Sambuc 48*ebfedea0SLionel Sambuc=item B<-print_certs> 49*ebfedea0SLionel Sambuc 50*ebfedea0SLionel Sambucprints out any certificates or CRLs contained in the file. They are 51*ebfedea0SLionel Sambucpreceded by their subject and issuer names in one line format. 52*ebfedea0SLionel Sambuc 53*ebfedea0SLionel Sambuc=item B<-text> 54*ebfedea0SLionel Sambuc 55*ebfedea0SLionel Sambucprints out certificates details in full rather than just subject and 56*ebfedea0SLionel Sambucissuer names. 57*ebfedea0SLionel Sambuc 58*ebfedea0SLionel Sambuc=item B<-noout> 59*ebfedea0SLionel Sambuc 60*ebfedea0SLionel Sambucdon't output the encoded version of the PKCS#7 structure (or certificates 61*ebfedea0SLionel Sambucis B<-print_certs> is set). 62*ebfedea0SLionel Sambuc 63*ebfedea0SLionel Sambuc=item B<-engine id> 64*ebfedea0SLionel Sambuc 65*ebfedea0SLionel Sambucspecifying an engine (by its unique B<id> string) will cause B<pkcs7> 66*ebfedea0SLionel Sambucto attempt to obtain a functional reference to the specified engine, 67*ebfedea0SLionel Sambucthus initialising it if needed. The engine will then be set as the default 68*ebfedea0SLionel Sambucfor all available algorithms. 69*ebfedea0SLionel Sambuc 70*ebfedea0SLionel Sambuc=back 71*ebfedea0SLionel Sambuc 72*ebfedea0SLionel Sambuc=head1 EXAMPLES 73*ebfedea0SLionel Sambuc 74*ebfedea0SLionel SambucConvert a PKCS#7 file from PEM to DER: 75*ebfedea0SLionel Sambuc 76*ebfedea0SLionel Sambuc openssl pkcs7 -in file.pem -outform DER -out file.der 77*ebfedea0SLionel Sambuc 78*ebfedea0SLionel SambucOutput all certificates in a file: 79*ebfedea0SLionel Sambuc 80*ebfedea0SLionel Sambuc openssl pkcs7 -in file.pem -print_certs -out certs.pem 81*ebfedea0SLionel Sambuc 82*ebfedea0SLionel Sambuc=head1 NOTES 83*ebfedea0SLionel Sambuc 84*ebfedea0SLionel SambucThe PEM PKCS#7 format uses the header and footer lines: 85*ebfedea0SLionel Sambuc 86*ebfedea0SLionel Sambuc -----BEGIN PKCS7----- 87*ebfedea0SLionel Sambuc -----END PKCS7----- 88*ebfedea0SLionel Sambuc 89*ebfedea0SLionel SambucFor compatibility with some CAs it will also accept: 90*ebfedea0SLionel Sambuc 91*ebfedea0SLionel Sambuc -----BEGIN CERTIFICATE----- 92*ebfedea0SLionel Sambuc -----END CERTIFICATE----- 93*ebfedea0SLionel Sambuc 94*ebfedea0SLionel Sambuc=head1 RESTRICTIONS 95*ebfedea0SLionel Sambuc 96*ebfedea0SLionel SambucThere is no option to print out all the fields of a PKCS#7 file. 97*ebfedea0SLionel Sambuc 98*ebfedea0SLionel SambucThis PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they 99*ebfedea0SLionel Sambuccannot currently parse, for example, the new CMS as described in RFC2630. 100*ebfedea0SLionel Sambuc 101*ebfedea0SLionel Sambuc=head1 SEE ALSO 102*ebfedea0SLionel Sambuc 103*ebfedea0SLionel SambucL<crl2pkcs7(1)|crl2pkcs7(1)> 104*ebfedea0SLionel Sambuc 105*ebfedea0SLionel Sambuc=cut 106